DNS zone transfer

Tool:

dig

dig AXFR @ns1.iitk.ac.in. iitk.ac.in

Unrestricted zone transfers are common in internal networks.

Sometimes IP-based filtering is used as a mitigation, restricting zone transfers to specific source IP addresses. This can be bypassed: on internal pentests, pretend to be the secondary nameserver by spoofing its IP address, initiate a zone transfer, and sniff the zone data.
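To confirm whether a transfer restriction is actually in effect on your own nameservers, the output of the `dig AXFR` command above can be classified automatically. This is an added example, not part of the original notes; the function names `axfr_status` and `audit_zone` are hypothetical.

```shell
#!/bin/sh
# Added example: classify the output of `dig AXFR @server zone`.
# Function names are hypothetical; the zone is supplied by the caller.

# axfr_status: reads dig AXFR output on stdin and prints one of
#   refused     dig reported "; Transfer failed."
#   open <n>    a complete transfer of <n> records came back
#   unknown     neither (timeout, truncated or empty output)
axfr_status() {
    awk '
        /^; Transfer failed/ { failed = 1 }
        # Record lines do not start with ";" and carry class IN in field 3.
        /^[^;]/ && $3 == "IN" {
            records++
            if ($4 == "SOA") soa++
        }
        END {
            # A complete AXFR begins and ends with the zone SOA record.
            if (failed)        print "refused"
            else if (soa >= 2) print "open " records
            else               print "unknown"
        }'
}

# audit_zone: check every nameserver listed for a zone you administer.
# Needs network access and dig; prints "<nameserver><TAB><status>" per server.
audit_zone() {
    zone=$1
    for ns in $(dig +short NS "$zone"); do
        printf '%s\t%s\n' "$ns" \
            "$(dig +time=5 +tries=1 AXFR "@$ns" "$zone" | axfr_status)"
    done
}
```

A `refused` result seen from a host outside the allow list only shows that the filter is applied to that source address; it says nothing about a request that arrives with the secondary's address, which is the case described above.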